-
Notifications
You must be signed in to change notification settings - Fork 2k
/
version_checker.go
86 lines (77 loc) · 1.69 KB
/
version_checker.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
package consul
import (
"context"
"strings"
"time"
log "github.com/hashicorp/go-hclog"
version "github.com/hashicorp/go-version"
)
// checkConsulTLSSkipVerify logs if Consul does not support TLSSkipVerify on
// checks and is intended to be run in a goroutine.
func checkConsulTLSSkipVerify(ctx context.Context, logger log.Logger, client AgentAPI, done chan struct{}) {
const (
baseline = time.Second
limit = 20 * time.Second
)
defer close(done)
i := uint64(0)
for {
self, err := client.Self()
if err == nil {
if supportsTLSSkipVerify(self) {
logger.Trace("Consul supports TLSSkipVerify")
} else {
logger.Warn("Consul does NOT support TLSSkipVerify; please upgrade Consul",
"min_version", consulTLSSkipVerifyMinVersion)
}
return
}
backoff := (1 << (2 * i)) * baseline
if backoff > limit {
backoff = limit
} else {
i++
}
select {
case <-ctx.Done():
return
case <-time.After(backoff):
}
}
}
var consulTLSSkipVerifyMinVersion = version.Must(version.NewVersion("0.7.2"))
// supportsTLSSkipVerify returns true if Consul supports TLSSkipVerify.
func supportsTLSSkipVerify(self map[string]map[string]interface{}) bool {
member, ok := self["Member"]
if !ok {
return false
}
tagsI, ok := member["Tags"]
if !ok {
return false
}
tags, ok := tagsI.(map[string]interface{})
if !ok {
return false
}
buildI, ok := tags["build"]
if !ok {
return false
}
build, ok := buildI.(string)
if !ok {
return false
}
parts := strings.SplitN(build, ":", 2)
if len(parts) != 2 {
return false
}
v, err := version.NewVersion(parts[0])
if err != nil {
return false
}
if v.LessThan(consulTLSSkipVerifyMinVersion) {
return false
}
return true
}